EssayMark
Sign inTry free

Privacy Policy

Last updated: 5/20/2026

1. Who we are

This Privacy Policy describes how EssayMark ("EssayMark", "we", "us") collects, uses, and shares personal data when you use our website and Service. EssayMark is the data controller of your personal data for the purposes of applicable data protection law (including the GDPR and UK GDPR, where relevant).

2. Data we collect

  • Account data - email address, authentication identifiers (e.g. Google OAuth ID), and password hash.
  • Submission data - the essay questions, candidate answers, optional reference answers, and topic metadata you submit for grading.
  • Output data - AI-generated grading reports and your grading history.
  • Usage and technical data - IP address, device and browser information, log data, and basic product analytics.
  • Billing data - handled by our payment provider Paddle (see Section 4). We receive subscription status, plan, and a customer identifier, but not full card details.

3. How we use your data and legal bases

  • To create and operate your account and deliver the Service - performance of a contract.
  • To process your essays and generate grading reports - performance of a contract.
  • To process payments and manage subscriptions through Paddle - performance of a contract and legal obligation (tax, accounting).
  • To monitor for abuse, secure the Service, and prevent fraud - legitimate interests.
  • To improve our product and respond to support requests - legitimate interests.
  • To send transactional emails - performance of a contract. Any marketing email is sent only with your consent.
  • To comply with applicable law - legal obligation.

4. Sharing your data

We share personal data only with the following categories of recipients:

  • Paddle.com Market Limited - our Merchant of Record and payment processor. Paddle handles checkout, billing, tax, invoicing, refunds, and chargebacks on our behalf. See Paddle's privacy notice.
  • AI model providers - your submitted essay content is sent to large language model providers (e.g. OpenAI, Google) solely to generate your grading report.
  • Cloud infrastructure and database providers - for hosting, storage, and authentication.
  • Professional advisers - such as legal and accounting providers, where necessary.
  • Authorities - where required by law or to protect our rights.

We do not sell your personal data.

5. International transfers

Some of our providers are located outside the UK/EEA. Where personal data is transferred internationally, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or equivalent mechanisms.

6. Data retention

We retain account data for as long as your account is active. Grading submissions and reports are retained while your account exists so you can review your history; you can delete individual gradings at any time from your dashboard. When you delete your account, your personal data is deleted or anonymised within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes (typically up to 7 years for billing records).

7. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest for our database, scoped access controls, row-level security on user data, and least-privilege service credentials. No system is perfectly secure, but we work to protect your information.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your local data protection authority. To exercise these rights, email hello@essaymark.app. We respond within one month.

9. Cookies

We use only essential cookies required for authentication and session management. We do not set advertising cookies.

10. Contact

Questions about this policy can be sent to hello@essaymark.app.